Clam or Klam? Either Way, It's Easy Linux Protection
Sep 8, 2010 5:00 AM PT
Have you run a virus scan lately? Nope? Don't need to, you say. That's because you run a Linux OS.
Think again. To quote the title line of Bob Dylan's third studio album, "the times they are a-changin'."
Yes they are. And part of that change is the greater risk of malware attacks to the Linux operating system. It used to be that Linux was so iron-clad safe security-wise that virus intrusions did not exist.
Used-to-be has now given way to possibly maybe. The rallying cry among security experts in the past was simply that using a Linux OS -- or Mac OS X -- gave you built-in security by obscurity.
Still, many operators of Linux-powered email servers for years ran Unix-based security software to ensure that contact with the Windows environment didn't unwittingly pass along any viruses. That same strategy makes sense if you run any of the dozens of flavors of the Linux desktop.
With so much of our computing built on Web-based apps and cross-platform software such as browsers and word processors, this unobtrusive scanner application goes a step or two beyond the "security by obscurity" axiom.
The naming game is basically an alphabet soup of environments. The KlamAV entity pairs up with the KDE environment.
The ClamTK Virus Scanner is a GUI (graphical user interface) front end for the ClamAV antivirus using gtk2-perl.
In most Linux distros, you can get either version from the package management system. This makes installation foolproof and uncomplicated.
Well, yeah. You can find a few other antivirus apps for various Linux distros. But they are mostly distributed as binary files and are available outside package management repositories.
For instance, I used to run AVG for Linux. But I lost interest in fighting to get the virus updates to connect.
I also used to use F-Prot when I ran earlier versions of Puppy Linux on a few of my older computers. I fell out of favor with it when I upgraded to the Lucid Lynx version of Ubuntu on my newer hardware. Installing it outside the repository was too much of a hassle.
I still like the Linux version of Avast antivirus software. It is a bit easier to install than other non-repository packages. Avast is available in three versions. One is for RPM package managers commonly used by Red Hat Linux and its derivatives. The second is a .deb package, which is compatible with Ubuntu and other Debian-based distros. The third version is more generic. It comes as a tarball or TAR.GZ compressed package.
KlamAV brings the same protection to the KDE desktop as ClamAV brings to the Gnome world. Like its counterpart, it includes on-access scanning and manual scanning.
KlamAV also has quarantine management and easy update downloading. You can also use it for automatic email scanning if you use Kmail or Evolution.
Easy-to-install packages for non-KDE environments are available directly from repositories used for Linux distributions based on Fedora, CentOS, Debian and Ubuntu versions. It is also available as a tarball.
The latest version of the ClamTK Virus Scanner, version 4.28, was released in August. It also plays nicely with the XFCE desktop. The Thunar file manager normally has no right-click send-to ClamTK functionality, but the developer made a work-around to fix this. You can get it here.
The ClamTK GUI
The interface is clean and simple. It shows Scan, View, Quarantine, Advanced and Help drop-down menu options.
The Actions window has buttons for Home, File Directory and Exit. These are actually shortcuts that let you bypass the full scan menu.
The bottom of the app window shows pertinent details about the age of the virus definitions, the last virus scan date, and the last infected file date.
Go to the Scan menu to select the type of scan you want to run. The choices are file, directory, recursive, a home directory quick scan or a home directory recursive scan. Predefined hot key combinations for each action let you bypass the drop-down menu.
Under the Advanced menu you can set the scan options. The recommended choice is Home rather than the entire computer.
You can also set the time of the scans and add directories such as a whitelisted location. You can also set the time for your system to update virus signatures.
The Klam Face
The user interface for the KlamAV Antivirus Manager is a bit more extensive. Its tool bar row shows tabs for Scan, Update, Quarantine, Virus Browser and Events.
The Scan tab shows a tree structure of the entire file system. A list of action commands tells the scanner engine what to do when a virus is found. Clicking the check box activates the selected options. Buttons within the tabbed page provide access to scanning schedules and other options.
Each of the tabbed pages has a similar setup. The options and control over when and what the scanning engine does seem more detailed than the TK version.
On several of the Klam tabs you can select links to the Klam Web site. The choices include latest news, the application home page and security notes.
One very handy feature in this version is the Virus Browser. This lets you get details about whatever viruses it detects. This ties in with viruses listed as quarantined on your system.
Another key feature that keeps you in the know is the Events page. You can search for various types of events found during system scans. Several filtering controls let you pinpoint the type of event, the time and the location.